discuz验证过程介绍
海云2025-06-28Discuz教程已有人查阅
导读:cdb_members表的secques字段是干嘛用的(二次操作验证之用);SELECT groupid='6' AS ipbanned 的意思是如果groupid='6',那么ipbanned的值为真,为1;以及清空了所有客户端cookie后的访问过程。
呵呵....
--疑惑-----
cdb_members表的secques字段是干嘛用的(二次操作验证之用)
--发现
-----清空了所有客户端cookie后的访问---------------
---这是为了论坛底部访问统计的查询
----删除所有游客
----------以下语句看起来是无用-----------
--sid来自cookie cdb_sid=QvC8mm。这里不仅验证cookie,而且验证ip,保证请求与会话记录中的ip一致,
--那么被复制cookie冒充的概率就大大降低了。对于论坛,安全到ip的级别应该是够用了,况且cdb_sid还是一个随机的字符串。
--需要注意:同一NAT或代理出口后的用户共用一个ip,此时ip校验不起作用;日志中的cdb_sid只有6个字符,强度取决于随机数的生成方式,cookie还应配合HTTPS传输。
-------passport登录过程\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
--passport登录通过后,将密码和几个字段加密后写入cookie cdb_auth。这样你再访问论坛时,它会首先检查
--cdb_sid有无,再看cdb_auth有无;有,则取这个cdb_auth,解密后,拿其中的密码、uid和数据库表做对比,正确,则生成cdb_sid并
--插入记录到session表。
--注意:这样cdb_auth中就带有与密码等价的凭据,cookie或加密密钥一旦泄露,在用户修改密码之前都可以用它重新建立会话。
--疑惑-----
cdb_members表的secques字段是干嘛用的(二次操作验证之用)
--发现
-- Fragment of the session lookup that appears in full later in this log
-- (SELECT sid, uid AS sessionuid, ... FROM cdb_sessions WHERE sid=...).
SELECT groupid='6' AS ipbanned
-- MySQL evaluates the comparison as a boolean: ipbanned is 1 (true) when groupid='6', otherwise 0.
-- ===== Visit after all client cookies were cleared (guest) =====
-- Housekeeping behind the visitor statistics shown at the bottom of the forum page:
-- stale and duplicate session rows are purged before this visit is registered.
DELETE FROM cdb_sessions
WHERE sid='9brXS4' -- same sid as the INSERT that follows, so an old row with this sid is replaced; how the sid is generated is not visible in the log (presumably random)
OR lastactivity<(1166753279-900) -- sessions idle for more than 900 s (15 minutes); this arm has no uid filter, so it is not limited to guests
OR ('0'<>'0' AND uid='0') -- always false here because the visitor is a guest (uid '0'); in the logged-in runs of this statement the uid is non-zero and this arm removes that member's earlier sessions
OR (uid='0' AND ip1='127' AND ip2='0' AND ip3='0' AND ip4='1' AND lastactivity>1166753279-60) -- guest rows from the same IP that were active within the last 60 s (keeps one guest row per IP)
-- Register this guest in the session table.
-- The row is keyed by the sid that the browser will send back in the cdb_sid cookie, plus the client IP split into four octets.
-- NOTE(review): every sid in this log is 6 characters long; its strength depends on the generator, which the log does not show.
INSERT INTO cdb_sessions
(sid, ip1, ip2, ip3, ip4,
uid, username, groupid, styleid, invisible, action,
lastactivity, -- set to the current time
lastolupdate, seccode, -- seccode: a "security code"; the author could not tell its purpose from the log (presumably the per-session verification-code value, TODO confirm)
fid, tid, bloguid)
VALUES ('9brXS4', '127', '0', '0', '1',
'0', '', '7', '1', '0', '1', '1166753279', '0', '9373', '0', '0', '0')
-- Who-is-online list: reads every row of cdb_sessions (no WHERE, no LIMIT).
SELECT uid, username, groupid, invisible, action, lastactivity, fid FROM cdb_sessions ORDER BY uid DESC
-- ===== Login process =====
-- The author's remark: the following statements look redundant.
-- NOTE(review): the log shows the submitted values (username, uid, password value) inlined as quoted literals;
-- it cannot show whether the application escaped or bound them, so verify that in the application code.
-- Look up the uid and security-question value for the submitted username.
SELECT uid, secques FROM cdb_members WHERE username='admin'
-- Rewrites username, password and email for the matched uid (password value masked by the author).
-- Presumably this is the login interface syncing the member record; confirm against the Discuz source.
UPDATE cdb_members SET username='admin', password='45e153xxxxxxx87cb6bf8', email='dfds@126.com'
WHERE uid='1054'
-- The author's remark: this looks like duplicated work.
-- Credential check: the member row is returned only if uid, the stored password value and secques all match.
-- secques='' here means an empty security-question value is expected for this account.
SELECT uid AS discuz_uid, username AS discuz_user, password AS discuz_pw, secques AS discuz_secques,
adminid, groupid, groupexpiry, extgroupids, email, timeoffset, styleid, tpp, ppp, posts, digestposts, oltime, pageviews, credits,
extcredits1, extcredits2, extcredits3, extcredits4, extcredits5, extcredits6, extcredits7, extcredits8, timeformat,
dateformat, pmsound, sigstatus, invisible, lastvisit, lastactivity, lastpost, newpm, accessmasks, xspacestatus, editormode, customshow
FROM cdb_members WHERE uid='1054' AND password='45e1534xxxxxxx387cb6bf8' AND secques=''
-- Forum listing queries for the index page. These are implicit (comma) joins; the join condition f.fid=t.fid sits in WHERE.
-- First 10 threads ordered by dateline, newest first, with the forum name.
SELECT t.*, f.name FROM cdb_threads t, cdb_forums f
WHERE t.fid<>'0' AND f.fid=t.fid ORDER BY t.dateline DESC LIMIT 0, 10
-- First 10 threads ordered by lastpost, newest first, skipping threads whose closed value starts with 'moved|' and threads with no replies.
SELECT t.*, f.name FROM cdb_threads t, cdb_forums f
WHERE t.fid<>'0' AND f.fid=t.fid AND t.closed NOT LIKE 'moved|%' AND t.replies !=0 ORDER BY t.lastpost DESC LIMIT 0, 10
-- First 10 threads with digest > '0', ordered by dateline, newest first.
SELECT t.*, f.name FROM cdb_threads t, cdb_forums f
WHERE digest>'0' AND t.fid<>'0' AND f.fid=t.fid ORDER BY t.dateline DESC LIMIT 0, 10
-- Forum list: every forum with status '1', joined to its extra fields (description, moderators, icon, viewperm).
SELECT f.fid, f.fup, f.type, f.name, f.threads, f.posts, f.todayposts, f.lastpost, f.inheritedmod, f.forumcolumns, ff.description, ff.moderators, ff.icon, ff.viewperm FROM cdb_forums f
LEFT JOIN cdb_forumfields ff USING(fid)
WHERE f.status='1' ORDER BY f.type, f.displayorder
-- Online-time accounting: adds 10 to the member's totals, but only if the previous update is at least 600 s old
-- (1166754541 - 1166753941 = 600).
UPDATE cdb_onlinetime SET total=total+'10', thismonth=thismonth+'10', lastupdate='1166754541'
WHERE uid='1054' AND lastupdate<='1166753941'
-- Session bookkeeping for the newly logged-in member.
-- Unlike the guest run, the arm ('1054'<>'0' AND uid='1054') is now true, so every existing session row of uid 1054 is deleted
-- before the new one is inserted; the member ends up with a single session row.
DELETE FROM cdb_sessions WHERE sid='QvC8mm' OR lastactivity<(1166754541-900) OR ('1054'<>'0' AND uid='1054') OR (uid='0' AND ip1='127' AND ip2='0' AND ip3='0' AND ip4='1' AND lastactivity>1166754541-60)
-- New session row for the member: sid 'QvC8mm', bound to the client IP 127.0.0.1, groupid '1'.
INSERT INTO cdb_sessions (sid, ip1, ip2, ip3, ip4, uid, username, groupid, styleid, invisible, action, lastactivity, lastolupdate, seccode, fid, tid, bloguid)
VALUES ('QvC8mm', '127', '0', '0', '1', '1054', 'admin', '1', '1', '0', '1', '1166754541', '1166754541', '2124', '0', '0', '0')
-- Record the login on the member row: last IP, and lastvisit takes over the previous lastactivity value.
UPDATE cdb_members SET lastip='127.0.0.1', lastvisit=lastactivity, lastactivity='1166754541' WHERE uid='1054'
-- Who-is-online list.
SELECT uid, username, groupid, invisible, action, lastactivity, fid FROM cdb_sessions ORDER BY uid DESC
-- ===== Page view by a logged-in ordinary member =====
-- The sid comes from the cookie cdb_sid=QvC8mm. The lookup checks the cookie value and the client IP together,
-- so the session is accepted only when the request comes from the IP stored in the session row. The author's view: this makes
-- a copied cookie much less likely to succeed and is probably sufficient for a forum, since cdb_sid is a random string as well.
-- NOTE(review): the IP binding does not separate users who share one address (same NAT or proxy), and the sid shown is
-- only 6 characters, so treat the IP check as a supplement to a strong session id and HTTPS, not a replacement.
SELECT sid, uid AS sessionuid, groupid, groupid='6' AS ipbanned, pageviews AS spageviews, styleid, lastolupdate, seccode
FROM cdb_sessions WHERE sid='QvC8mm' AND CONCAT_WS('.',ip1,ip2,ip3,ip4)='127.0.0.1'
-- Load the member record. The author's remark: this lookup runs so often that it explains why Discuz forums
-- prune their member table regularly.
-- Note that the lookup is by uid alone; no password value is compared here, unlike the login query earlier in the log.
SELECT m.uid AS discuz_uid, m.username AS discuz_user, m.password AS discuz_pw,
m.secques AS discuz_secques, m.adminid, m.groupid, m.groupexpiry, m.extgroupids, m.email, m.timeoffset,
m.tpp, m.ppp, m.posts, m.digestposts, m.oltime, m.pageviews, m.credits, m.extcredits1, m.extcredits2, m.extcredits3, m.extcredits4, m.extcredits5,
m.extcredits6, m.extcredits7, m.extcredits8, m.timeformat, m.dateformat, m.pmsound, m.sigstatus, m.invisible,
m.lastvisit, m.lastactivity, m.lastpost, m.newpm, m.accessmasks,m.xspacestatus, m.editormode, m.customshow
FROM cdb_members m WHERE uid='1054'
-- Forum listing queries, identical to the ones issued during login:
-- 10 threads by dateline, 10 replied-to and not-moved threads by lastpost, 10 digest threads, then the forum list.
SELECT t.*, f.name FROM cdb_threads t, cdb_forums f WHERE t.fid<>'0' AND f.fid=t.fid ORDER BY t.dateline DESC LIMIT 0, 10
SELECT t.*, f.name FROM cdb_threads t, cdb_forums f WHERE t.fid<>'0' AND f.fid=t.fid AND t.closed NOT LIKE 'moved|%' AND t.replies !=0 ORDER BY t.lastpost DESC LIMIT 0, 10
SELECT t.*, f.name FROM cdb_threads t, cdb_forums f WHERE digest>'0' AND t.fid<>'0' AND f.fid=t.fid ORDER BY t.dateline DESC LIMIT 0, 10
SELECT f.fid, f.fup, f.type, f.name, f.threads, f.posts, f.todayposts, f.lastpost, f.inheritedmod, f.forumcolumns, ff.description, ff.moderators, ff.icon, ff.viewperm FROM cdb_forums f
LEFT JOIN cdb_forumfields ff USING(fid)
WHERE f.status='1' ORDER BY f.type, f.displayorder
-- Online-time accounting, applied at most once per 10 minutes (1166755500 - 1166754900 = 600 s).
UPDATE cdb_onlinetime SET total=total+'10', thismonth=thismonth+'10', lastupdate='1166755500'
WHERE uid='1054' AND lastupdate<='1166754900'
-- Refresh the member's session row and count the page view.
-- This UPDATE is keyed on the sid only; the IP comparison was done by the session SELECT at the start of the request.
UPDATE cdb_sessions SET uid='1054', username='admin', groupid='1', styleid='1', invisible='0', action='1',
lastactivity='1166755500', lastolupdate='1166755500', seccode='2124', fid='0', tid='0', bloguid='0' ,
pageviews=pageviews+1 WHERE sid='QvC8mm'
-- Who-is-online list.
SELECT uid, username, groupid, invisible, action, lastactivity, fid FROM cdb_sessions ORDER BY uid DESC
-- ===== Verification of an ordinary member's actions: the passport login process =====
-- After a passport login succeeds, the password and a few other fields are encrypted and written to the cookie cdb_auth.
-- On the next visit the forum first checks for cdb_sid, then for cdb_auth; if cdb_auth is present it is decrypted and the
-- password and uid inside it are compared with the database; on a match a cdb_sid is generated and a session row is inserted.
-- NOTE(review): this makes cdb_auth a password-equivalent credential. Anyone who obtains the cookie, or the key used to
-- encrypt it, can re-establish a session until the member's password changes.
-- This first statement differs in quoting style from the rest of the log; its origin is not shown.
SELECT * FROM `cdb_members` WHERE username = 'testxx'
-- Look up the uid and security-question value for the passport user.
SELECT uid, secques FROM cdb_members WHERE username='testxx'
-- Overwrite username, password and email for that uid (presumably with the values supplied by the passport side; confirm).
-- The password value is 32 hexadecimal characters, which would be consistent with an unsalted MD5 digest (TODO confirm).
UPDATE cdb_members SET username='testxx', password='52c69e3a57331099999991c4e69d3f2e', email='99@99.com'
WHERE uid='852'
-- The next line is a raw general-log entry, not SQL: a new connection opened as root@localhost.
-- NOTE(review): if this is the forum's own connection, the application is running as the MySQL root account;
-- a dedicated account limited to the forum's schema would follow least privilege.
061222 13:45:47 3 Connect root@localhost on
-- Credential check on the new connection: the row is returned only if uid, the stored password value and the (empty) secques match.
SELECT uid AS discuz_uid, username AS discuz_user, password AS discuz_pw, secques AS discuz_secques,
adminid, groupid, groupexpiry, extgroupids, email, timeoffset, styleid, tpp, ppp, posts, digestposts, oltime, pageviews, credits,
extcredits1, extcredits2, extcredits3, extcredits4, extcredits5, extcredits6, extcredits7, extcredits8, timeformat,
dateformat, pmsound, sigstatus, invisible, lastvisit, lastactivity, lastpost, newpm, accessmasks, xspacestatus, editormode, customshow
FROM cdb_members WHERE uid='852' AND password='52c69e3a57331099999991c4e69d3f2e' AND secques=''
-- Forum listing queries for the index page (same four statements as in the earlier requests).
SELECT t.*, f.name FROM cdb_threads t, cdb_forums f WHERE t.fid<>'0' AND f.fid=t.fid ORDER BY t.dateline DESC LIMIT 0, 10
SELECT t.*, f.name FROM cdb_threads t, cdb_forums f WHERE t.fid<>'0' AND f.fid=t.fid AND t.closed NOT LIKE 'moved|%' AND t.replies !=0 ORDER BY t.lastpost DESC LIMIT 0, 10
SELECT t.*, f.name FROM cdb_threads t, cdb_forums f WHERE digest>'0' AND t.fid<>'0' AND f.fid=t.fid ORDER BY t.dateline DESC LIMIT 0, 10
SELECT f.fid, f.fup, f.type, f.name, f.threads, f.posts, f.todayposts, f.lastpost, f.inheritedmod, f.forumcolumns, ff.description, ff.moderators, ff.icon, ff.viewperm FROM cdb_forums f
LEFT JOIN cdb_forumfields ff USING(fid)
WHERE f.status='1' ORDER BY f.type, f.displayorder
-- Online-time accounting for uid 852 with the same 600 s guard (1166766347 - 1166765747 = 600).
UPDATE cdb_onlinetime SET total=total+'10', thismonth=thismonth+'10', lastupdate='1166766347' WHERE uid='852' AND lastupdate<='1166765747'
-- The UPDATE is followed by an INSERT for the same uid; presumably the UPDATE matched no row because this member
-- had no cdb_onlinetime record yet (the log does not show affected-row counts).
INSERT INTO cdb_onlinetime (uid, thismonth, total, lastupdate)
VALUES ('852', '10', '10', '1166766347')
-- Session bookkeeping: remove the row with this sid, sessions idle for more than 900 s, every earlier session of uid 852,
-- and guest rows from this IP seen in the last 60 s.
DELETE FROM cdb_sessions WHERE sid='5sS9P0' OR lastactivity<(1166766347-900) OR ('852'<>'0' AND uid='852') OR (uid='0' AND ip1='127' AND ip2='0' AND ip3='0' AND ip4='1' AND lastactivity>1166766347-60)
-- New session row for the passport user: sid '5sS9P0', bound to 127.0.0.1, groupid '10'.
INSERT INTO cdb_sessions (sid, ip1, ip2, ip3, ip4, uid, username, groupid, styleid, invisible, action, lastactivity, lastolupdate, seccode, fid, tid, bloguid)
VALUES ('5sS9P0', '127', '0', '0', '1', '852', 'testxx', '10', '1', '0', '1', '1166766347', '1166766347', '4097', '0', '0', '0')
-- Who-is-online list.
SELECT uid, username, groupid, invisible, action, lastactivity, fid FROM cdb_sessions ORDER BY uid DESC
